3.23 Data Center Operations

All right, now again, the cloud service provider's location is gonna be critical, and we have to know that. That should be part of the service level agreement. You know, are you storing our data on the San Andreas Fault? May not be a good time or area for that. Are you in an area, you know, that's subjected to flooding, whatever? Again, just part of our due diligence. Do we want our data stored in an area of high crime or social and political unrest? We see that all over the world. So where our data is stored has a big impact on its security.
Remember, data center operations? They're the choice of the cloud service provider. That's the job of the cloud service provider, to provide those resources to us as a customer. My due diligence says I ensure that how they do so meets my internal or external requirements.

Again, usually, honestly, a service level agreement isn't enough. I mean, for an exam, the answer may be "I'll get a service level agreement," but that's just a promise. And people break promises, companies break promises. So where we get our real assurance is through an audit.
And when we talk about third-party assurance, the way we get that is through audit. Now, I do want you to know CSA STAR. STAR stands for Security, Trust and Alliance Registered... Security, Trust and Assurance Registry. And that is the industry standard: a third-party audit for cloud service providers. Audit versus from their service level agreements to their action. So it's not that this organization is necessarily more secure than another. It's: does this organization adhere to its service level agreement? And you'd be surprised at the areas where major cloud service providers do not.
So it's up to us to review their rating from Cloud Security Alliance, that STAR registry, or any other third-party assurance that we can get. Right? Can't just trust the cloud service providers to say, "We're good. We got you covered." So we look to a third-party audit. We look for, you know, we talked earlier about the SOC documents, service organizational control documents, SOC 1, 2 and 3, and how SOC 3 gave this assurance that was available to the public, based on the technical controls for confidentiality, integrity and availability. That might be another means of proving our due diligence. But the bottom line is, it's up to us to determine the trustworthiness of our cloud service provider.
